Bluetooth: Fix checking for proper key->master value in Load LTKs The allowed values for the key->master parameter in the Load LTKs command are 0x00 and 0x01. If there is a key in the list with some other value the command should fail with a proper invalid params response. Signed-off-by: Johan Hedberg <johan.hedberg@intel.com> Acked-by: Marcel Holtmann <marcel@holtmann.org> Signed-off-by: Gustavo Padovan <gustavo.padovan@collabora.co.uk>

commit: 54ad6d8a5afe1a6d162d8d229a3d8fc48b254d24 [log] [tgz]
author: Johan Hedberg <johan.hedberg@intel.com> Sun Jan 20 14:27:15 2013 +0200
committer: Gustavo Padovan <gustavo.padovan@collabora.co.uk> Wed Jan 23 01:54:09 2013 -0200
tree: f636430077b38a32b03e1c2c382297634dbc9d44
parent: e57e619f463e7841940ef1b98969e23f71f5ee8a [diff] [blame]
diff --git a/net/bluetooth/mgmt.c b/net/bluetooth/mgmt.c
index a050eee..c7ec47c 100644
--- a/net/bluetooth/mgmt.c
+++ b/net/bluetooth/mgmt.c

@@ -2721,6 +2721,15 @@
 
 	BT_DBG("%s key_count %u", hdev->name, key_count);
 
+	for (i = 0; i < key_count; i++) {
+		struct mgmt_ltk_info *key = &cp->keys[i];
+
+		if (key->master != 0x00 && key->master != 0x01)
+			return cmd_status(sk, hdev->id,
+					  MGMT_OP_LOAD_LONG_TERM_KEYS,
+					  MGMT_STATUS_INVALID_PARAMS);
+	}
+
 	hci_dev_lock(hdev);
 
 	hci_smp_ltks_clear(hdev);
commit	54ad6d8a5afe1a6d162d8d229a3d8fc48b254d24	[log] [tgz]
author	Johan Hedberg <johan.hedberg@intel.com>	Sun Jan 20 14:27:15 2013 +0200
committer	Gustavo Padovan <gustavo.padovan@collabora.co.uk>	Wed Jan 23 01:54:09 2013 -0200
tree	f636430077b38a32b03e1c2c382297634dbc9d44
parent	e57e619f463e7841940ef1b98969e23f71f5ee8a [diff] [blame]